User Profile
Tzvia
Microsoft
Joined 7 years ago
Recent Discussions
Azure Log Analytics Log Management using Azure Data Explorer
One common question that we get from customers and partners is how to ingest data from Azure Log Analytics / Azure Sentinel to Azure Data Explorer for different reasons: joining data between different ADX clusters, a longer retention period, heavy queries that aren't aligned with LA limitations, etc. There are many good articles on the web; here is a step-by-step guide and code from the Sentinel team at GitHub which generates code to export data from selected tables in LA, create ADX tables with the right structure and mapping, and update policies to adapt the LA data structure to fit ADX supported formats.
Azure Log Analytics Log Management using Azure Data Explorer by Sreedhar Ande
1K Views, 0 likes, 0 Comments

Azure Data Explorer resources
Read Azure Data Explorer - Reimagine Telemetry Analytics to learn about the latest groundbreaking innovations, new features, and exciting collaborations. The event includes a keynote by Rohan Kumar, CVP, Azure Data, and fascinating content by the product group team members, delivering sessions on various topics.
Azure Data Explorer Online Event Recording
Free online Courses:
How to Start with Microsoft Azure Data Explorer
Exploring Data in Microsoft Azure Using Kusto Query Language and Azure Data Explorer
Microsoft Azure Data Explorer - Advanced KQL
Cost Estimator: https://aka.ms/adx.cost
690 Views, 1 like, 0 Comments

Save your spot at the Azure Data Explorer online event!
Join this event to learn about new features, announcements, and collaborations for Azure Data Explorer. Learn how to harness the growing volume of telemetry data to drive business success while keeping costs at bay with the super cost-efficient Azure Data Explorer service.
October 14th 09:00-12:00 (2 rounds: Pacific Time and British Time)
The first 2.5 hours will be prerecorded sessions and the last 30 minutes will be 6 online sessions on different topics (full agenda).
2 Surface Duos will be given to the first one to answer all the questions correctly in each round (British Time and Pacific Time).
Learn more about this event: https://techcommunity.microsoft.com/t5/azure-data-explorer/save-your-spot-at-the-azure-data-explorer-online-event/ba-p/1709063
Register Now and save your spot.
671 Views, 0 likes, 0 Comments

Copy data to Azure Data Explorer using Azure Data Factory
Azure Data Explorer is a fast, fully managed data analytics service for real-time analysis on large volumes of data streaming from many sources such as applications, websites, and IoT devices. Iteratively explore data and identify patterns and anomalies to improve products, enhance customer experiences, monitor devices, and boost operations. Explore new questions and get answers in minutes.
Azure Data Factory is a fully managed cloud-based data integration service. You can use the service to populate your Azure Data Explorer database with data from your existing system and save time when building your analytics solutions.
This article shows you how to use the Data Factory Copy Data tool to load data from Amazon S3 into Azure Data Explorer. You can follow similar steps to copy data from other data stores such as Azure Blob Storage, Azure SQL Database, Azure SQL Data Warehouse, Google BigQuery, Oracle, and File system (Supported data stores). Azure Data Factory offers a number of benefits for loading data into Azure Data Explorer. Read about them here!
1.5K Views, 0 likes, 0 Comments

Azure Data Explorer & Namogoo
Namogoo is one of the early adopters of Azure Data Explorer. Learn about the use of a modern data platform to help retailers maintain a safe and healthy relationship with consumers: https://www.namogoo.com/customer-hijacking-prevention/how-azure-data-explorer-accelerates-namogoos-classification-processes-170x-faster/
"With ADX’s competency, the process is more streamlined. Using ADX’s full text indexing and retrieval, regular expression evaluation and text parsing, when over 150 searches are run, the results are obtained in 2.5 minutes, a remarkable improvement over our existing AWS-based infrastructure." - Dor Baz, Ohad Greenshpan, Deepa Iyengar
1.2K Views, 2 likes, 0 Comments

Tip of the week: parse, top and Update policy
Parse operator
A parse operator provides a streamlined way to extend a table by applying multiple wildcard match operations on a single string expression. This is most useful when the table has a string column that combines multiple values that you want to extract into individual columns. A common example would be if you have a text column that is produced by a developer trace instrumentation point ("printf"/"Console.WriteLine"). The following example extracts the Api and User fields from a usage trace line.

    KustoLogs
    | where EventText startswith "$$USAGE"
    | take 2
    | parse EventText with * "Api='" Api "', User='" User "'" Ignore
    | project EventText, Api, User

    EventText                                                           | Api   | User
    $$USAGE[Gateway]: Api='Admin', User='WORKGROUP\SYSTEM', Applicati   | Admin | WORKGROUP\SYSTEM
    $$USAGE[Gateway]: Api='Admin', User='WORKGROUP\SYSTEM', Applicati   | Admin | WORKGROUP\SYSTEM

Top operator
The top operator supports sorting by numeric and string values.

    Usage
    | where Timestamp >= ago(7d) and Api == "Query"
    | summarize count() by User
    | top 1 by User

    User                          | count_
    AzureDataExplorer@outlook.com | 13

Update Policy
The update policy allows associating a query with a table, and invoking that query on each data ingestion operation to that table, then writing the query output to a different table. This is useful for scenarios that require keeping a modified subset of the original data for longer time periods.

Analyze data in Azure Data Explorer using KQL magic for Jupyter Notebook
We are excited to announce KQL magic commands which extend the functionality of the Python kernel in Jupyter Notebook. KQL magic allows you to write KQL queries natively and query data from Microsoft Azure Data Explorer. You can easily interchange between Python and KQL, and visualize data using the rich Plot.ly library integrated with KQL render commands. KQL magic supports Azure Data Explorer, Application Insights, and Log Analytics as data sources to run queries against. Learn more about KQL magic commands and using Azure Data Explorer with Jupyter Notebooks on the Azure blog.
2.8K Views, 2 likes, 2 Comments